Download Gallery 2.2.4

Last Monday version 2.2.4 of Gallery was released. Gallery is an advanced program written in PHP for creating online photo albums. For example, unlike JAlbum, for example, the photos are stored in a database and a web server is needed to run the whole thing. Others features for example, the Photo Management option that can automatically create thumbnails, rotate and resize photos, among other things. It is also possible to grant read and/or write permissions to the albums and there are countless modules to further expand the possibilities or appearance to adjust. Version 2.2.4 fixes some serious security vulnerabilities and upgrading is strongly recommended. More information can be found in the changelog:

Gallery 2.2.4 addresses the following security vulnerabilities:

• Publish XP module – Fixed unauthorized album creation and file uploads.
• URL rewrite module – Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
• Core / add-item modules – Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
• Installation (Gallery application) – Update web-accessibility protection of the storage folder for Apache 2.2.
• Core (Gallery application) / MIME module – Fixed vulnerability in checks for disallowed file extensions in file uploads.
• Gallery Remote module – Added missing permissions checks for some GR commands.
• WebDAV module – Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
• WebDAV module – Fixed information (item data) disclosure in a WebDAV view.
• WebDAV module – Bug fix for directory listing issue (not security related).
• Comment module – Fixed information (item data) disclosure in comment views.
• Core module (Gallery application) – Improved resilience against item information disclosure attacks.
• Slideshow module – Fixed information (item data) disclosure in the slideshow.
• Print modules – Fixed information (item data) disclosure in several print modules.
• Core / print modules – Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
• WebCam module – Fixed proxy request weakness.

[break]